DOD is Protecting 5G Networks with Emerging Security Techniques

As the Defense Department continues to implement 5G capacities, the agency is looking to new security techniques like network slicing, blockchain and zero trust to protect and quickly deliver sensitive data to the end user.

“We have 5G pilots underway within the continental United States for things like health care, maintenance and so on. What I’m very excited about is applications for 5G in the tactical environment — for actual communications downrange — and working with our allies on that as we look at the standards and the tactical applications. I think it can be a game changer,” DOD CIO John Sherman said during the Billington Cybersecurity Summit in Washington, D.C., Thursday.

Brian Kelley, DOD’s Joint Base San Antonio (JBSA) 5G principal investigator at the agency’s JBSA 5G PMO, explained that 5G will support edge computing and help move applications closer to the user, lowering the latency of communication. DOD is also looking into multi-access edge computing (MEC) to provide cloud computing capabilities and an IT service environment at the edge of the network.

“[5G] is envisioned for scenarios where you need a large distribution of devices to cover a wide area, but in a very dense environment,” Kelley said. “One of the benefits of 5G is the ability for the network itself to be fairly malleable in terms of how you configure it. … Many of the 5G use cases are really critical in terms of the embedding of critical infrastructure with the 5G use cases, so we have to get to security right.”

As DOD continues to adopt 5G, the agency is looking at how it can secure its networks. Kelley explained that the agency is leveraging Security Edge Protection Proxy (SEPP) and security techniques for concealing user identities. Automation techniques such as machine learning and artificial intelligence could also help DOD better secure its networks.

“One of the key network functions is something referred to as a network data analytics function. So, this function ties nicely into zero trust, machine learning and continuous monitoring. These kinds of systems can be deployed for edge-based solutions that can maintain security,” Kelley said.

Network slicing overlays multiple virtual networks on top of a shared network domain, and there are native network slices that are defined within the factory standard: one related to broadband communications, one related to ultra-reliable low latency communications, one related to massive “internet of things” and one related to connected vehicles.

“The network slicing — one of the things it gives you is an ability to know your quality of services for your system, so network slicing is kind of a formalized way of saying, ‘I want this kind of quality,’” Kelley said. “If there is a vulnerability and the network performance is degraded, then network slice should help in terms of being able to define what is acceptable performance.”

Kelley noted that there’s an opportunity to create additional network slices that are customized and incorporate end-to-end encryption to help protect the overall network. Blockchain security could also be used to automate interactions and transactions for applications.

Kelley noted “non-standalone versions of 5G” are one of the challenges DOD has faced in securing its networks.

“One of the challenges is the idea of coexistence,” Kelley said. “There needs to be a backward compatibility with 4G … 5G has a lot of native improvements in terms of security that maybe didn’t exist in 4G. So when we have to coexist with sort of backward-looking networks … it’s a weakest-link issue, where our vulnerabilities may be based on the fact that we are connecting with and integrating with a hybrid set of networks that aren’t 5G native.”

DOD is approaching security with a “layer model,” which integrates DevSecOps to embed security into the development process. The model also relies on zero trust and continuous monitoring. Moving forward, Kelley advocated for worldwide 5G standards, which would ultimately benefit the security of the network.

“If we want security to be baked in … then we need to take government policies and standards and rather than having a piece of ad hoc … formulate these policies and make them a standard worldwide. I think that would be very good,” Kelley said. “If you’re just designing a generic system without these kinds of standards, it’s much more difficult than to layer in a standardized model for zero trust.”